Check | Description |
---|---|
| Sensitive data is encrypted in the database using strong symmetric encryption (for example, 3DES). |
| Symmetric encryption keys are backed up and encrypted with DPAPI and stored in a restricted registry key. |
| Sensitive data is secured over the network by using SSL or IPSec. |
| Passwords are not stored in custom user store databases. Password hashes are stored with salt values instead. |